From ef831f7e24219d3db11e785d2af1e2535f4a04ea Mon Sep 17 00:00:00 2001
From: Kevin KADOSH <kevin@crowdsec.net>
Date: Fri, 31 Jan 2025 15:47:51 +0100
Subject: [PATCH] be more specific on params

---
 appsec-rules/crowdsecurity/vpatch-CVE-2024-6205.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-6205.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-6205.yaml
index 198fee330f8..34e3c86e948 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2024-6205.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-6205.yaml
@@ -6,7 +6,16 @@ rules:
     - zones:
       - ARGS
       variables:
-       - more_info
+      - wc-api
+      transform:
+      - lowercase
+      match:
+        type: "contains"
+        value: "payplus_gateway"
+    - zones:
+      - ARGS
+      variables:
+      - more_info
       transform:
       - lowercase
       match: